]> git.ipfire.org Git - people/ms/strongswan.git/blob - scripts/tls_test.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'utils-split'
[people/ms/strongswan.git] / scripts / tls_test.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <unistd.h>
17 #include <stdio.h>
18 #include <sys/types.h>
19 #include <sys/socket.h>
20 #include <getopt.h>
21 #include <errno.h>
22 #include <string.h>
23
24 #include <library.h>
25 #include <utils/debug.h>
26 #include <tls_socket.h>
27 #include <networking/host.h>
28 #include <credentials/sets/mem_cred.h>
29
30 /**
31 * Print usage information
32 */
33 static void usage(FILE *out, char *cmd)
34 {
35 fprintf(out, "usage:\n");
36 fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>]+ [--times <n>]\n", cmd);
37 fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ [--times <n>]\n", cmd);
38 }
39
40 /**
41 * Check, as client, if we have a client certificate with private key
42 */
43 static identification_t *find_client_id()
44 {
45 identification_t *client = NULL, *keyid;
46 enumerator_t *enumerator;
47 certificate_t *cert;
48 public_key_t *pubkey;
49 private_key_t *privkey;
50 chunk_t chunk;
51
52 enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
53 CERT_X509, KEY_ANY, NULL, FALSE);
54 while (enumerator->enumerate(enumerator, &cert))
55 {
56 pubkey = cert->get_public_key(cert);
57 if (pubkey)
58 {
59 if (pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &chunk))
60 {
61 keyid = identification_create_from_encoding(ID_KEY_ID, chunk);
62 privkey = lib->credmgr->get_private(lib->credmgr,
63 pubkey->get_type(pubkey), keyid, NULL);
64 keyid->destroy(keyid);
65 if (privkey)
66 {
67 client = cert->get_subject(cert);
68 client = client->clone(client);
69 privkey->destroy(privkey);
70 }
71 }
72 pubkey->destroy(pubkey);
73 }
74 if (client)
75 {
76 break;
77 }
78 }
79 enumerator->destroy(enumerator);
80
81 return client;
82 }
83
84 /**
85 * Client routine
86 */
87 static int run_client(host_t *host, identification_t *server,
88 identification_t *client, int times, tls_cache_t *cache)
89 {
90 tls_socket_t *tls;
91 int fd, res;
92
93 while (times == -1 || times-- > 0)
94 {
95 fd = socket(AF_INET, SOCK_STREAM, 0);
96 if (fd == -1)
97 {
98 DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
99 return 1;
100 }
101 if (connect(fd, host->get_sockaddr(host),
102 *host->get_sockaddr_len(host)) == -1)
103 {
104 DBG1(DBG_TLS, "connecting to %#H failed: %s", host, strerror(errno));
105 close(fd);
106 return 1;
107 }
108 tls = tls_socket_create(FALSE, server, client, fd, cache, TLS_1_2, TRUE);
109 if (!tls)
110 {
111 close(fd);
112 return 1;
113 }
114 res = tls->splice(tls, 0, 1) ? 0 : 1;
115 tls->destroy(tls);
116 close(fd);
117 if (res)
118 {
119 break;
120 }
121 }
122 return res;
123 }
124
125 /**
126 * Server routine
127 */
128 static int serve(host_t *host, identification_t *server,
129 int times, tls_cache_t *cache)
130 {
131 tls_socket_t *tls;
132 int fd, cfd;
133
134 fd = socket(AF_INET, SOCK_STREAM, 0);
135 if (fd == -1)
136 {
137 DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
138 return 1;
139 }
140 if (bind(fd, host->get_sockaddr(host),
141 *host->get_sockaddr_len(host)) == -1)
142 {
143 DBG1(DBG_TLS, "binding to %#H failed: %s", host, strerror(errno));
144 close(fd);
145 return 1;
146 }
147 if (listen(fd, 1) == -1)
148 {
149 DBG1(DBG_TLS, "listen to %#H failed: %m", host, strerror(errno));
150 close(fd);
151 return 1;
152 }
153
154 while (times == -1 || times-- > 0)
155 {
156 cfd = accept(fd, host->get_sockaddr(host), host->get_sockaddr_len(host));
157 if (cfd == -1)
158 {
159 DBG1(DBG_TLS, "accept failed: %s", strerror(errno));
160 close(fd);
161 return 1;
162 }
163 DBG1(DBG_TLS, "%#H connected", host);
164
165 tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TLS_1_2, TRUE);
166 if (!tls)
167 {
168 close(fd);
169 return 1;
170 }
171 tls->splice(tls, 0, 1);
172 DBG1(DBG_TLS, "%#H disconnected", host);
173 tls->destroy(tls);
174 }
175 close(fd);
176
177 return 0;
178 }
179
180 /**
181 * In-Memory credential set
182 */
183 static mem_cred_t *creds;
184
185 /**
186 * Load certificate from file
187 */
188 static bool load_certificate(char *filename)
189 {
190 certificate_t *cert;
191
192 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
193 BUILD_FROM_FILE, filename, BUILD_END);
194 if (!cert)
195 {
196 DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
197 return FALSE;
198 }
199 creds->add_cert(creds, TRUE, cert);
200 return TRUE;
201 }
202
203 /**
204 * Load private key from file
205 */
206 static bool load_key(char *filename)
207 {
208 private_key_t *key;
209
210 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
211 BUILD_FROM_FILE, filename, BUILD_END);
212 if (!key)
213 {
214 DBG1(DBG_TLS, "loading key from '%s' failed", filename);
215 return FALSE;
216 }
217 creds->add_key(creds, key);
218 return TRUE;
219 }
220
221 /**
222 * TLS debug level
223 */
224 static level_t tls_level = 1;
225
226 static void dbg_tls(debug_t group, level_t level, char *fmt, ...)
227 {
228 if ((group == DBG_TLS && level <= tls_level) || level <= 1)
229 {
230 va_list args;
231
232 va_start(args, fmt);
233 vfprintf(stderr, fmt, args);
234 fprintf(stderr, "\n");
235 va_end(args);
236 }
237 }
238
239 /**
240 * Cleanup
241 */
242 static void cleanup()
243 {
244 lib->credmgr->remove_set(lib->credmgr, &creds->set);
245 creds->destroy(creds);
246 library_deinit();
247 }
248
249 /**
250 * Initialize library
251 */
252 static void init()
253 {
254 library_init(NULL, "tls_test");
255
256 dbg = dbg_tls;
257
258 lib->plugins->load(lib->plugins, PLUGINS);
259
260 creds = mem_cred_create();
261 lib->credmgr->add_set(lib->credmgr, &creds->set);
262
263 atexit(cleanup);
264 }
265
266 int main(int argc, char *argv[])
267 {
268 char *address = NULL;
269 bool listen = FALSE;
270 int port = 0, times = -1, res;
271 identification_t *server, *client;
272 tls_cache_t *cache;
273 host_t *host;
274
275 init();
276
277 while (TRUE)
278 {
279 struct option long_opts[] = {
280 {"help", no_argument, NULL, 'h' },
281 {"connect", required_argument, NULL, 'c' },
282 {"listen", required_argument, NULL, 'l' },
283 {"port", required_argument, NULL, 'p' },
284 {"cert", required_argument, NULL, 'x' },
285 {"key", required_argument, NULL, 'k' },
286 {"times", required_argument, NULL, 't' },
287 {"debug", required_argument, NULL, 'd' },
288 {0,0,0,0 }
289 };
290 switch (getopt_long(argc, argv, "", long_opts, NULL))
291 {
292 case EOF:
293 break;
294 case 'h':
295 usage(stdout, argv[0]);
296 return 0;
297 case 'x':
298 if (!load_certificate(optarg))
299 {
300 return 1;
301 }
302 continue;
303 case 'k':
304 if (!load_key(optarg))
305 {
306 return 1;
307 }
308 continue;
309 case 'l':
310 listen = TRUE;
311 /* fall */
312 case 'c':
313 if (address)
314 {
315 usage(stderr, argv[0]);
316 return 1;
317 }
318 address = optarg;
319 continue;
320 case 'p':
321 port = atoi(optarg);
322 continue;
323 case 't':
324 times = atoi(optarg);
325 continue;
326 case 'd':
327 tls_level = atoi(optarg);
328 continue;
329 default:
330 usage(stderr, argv[0]);
331 return 1;
332 }
333 break;
334 }
335 if (!port || !address)
336 {
337 usage(stderr, argv[0]);
338 return 1;
339 }
340 host = host_create_from_dns(address, 0, port);
341 if (!host)
342 {
343 DBG1(DBG_TLS, "resolving hostname %s failed", address);
344 return 1;
345 }
346 server = identification_create_from_string(address);
347 cache = tls_cache_create(100, 30);
348 if (listen)
349 {
350 res = serve(host, server, times, cache);
351 }
352 else
353 {
354 client = find_client_id();
355 res = run_client(host, server, client, times, cache);
356 DESTROY_IF(client);
357 }
358 cache->destroy(cache);
359 host->destroy(host);
360 server->destroy(server);
361 return res;
362 }
Michael's strongswan development tree